Vulnerability Description
Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Acrobat Reader | 8.2.3 |
| Adobe | Acrobat | 9.3.3 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/40766Vendor Advisory
- http://securityevaluators.com/files/papers/CrashAnalysis.pdf
- http://www.us-cert.gov/cas/techalerts/TA10-231A.htmlUS Government Resource
- http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-secur
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://secunia.com/advisories/40766Vendor Advisory
- http://securityevaluators.com/files/papers/CrashAnalysis.pdf
- http://www.us-cert.gov/cas/techalerts/TA10-231A.htmlUS Government Resource
- http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-secur
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2010-2862?
CVE-2010-2862 is a vulnerability with a CVSS score of 9.3 (HIGH). Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Ma...
How severe is CVE-2010-2862?
CVE-2010-2862 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2862?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Acrobat Reader, Adobe Acrobat.